General

  • Target

    1151de818776c906cf7e06cc24c91f5f

  • Size

    128KB

  • Sample

    231230-hgszzaeacl

  • MD5

    1151de818776c906cf7e06cc24c91f5f

  • SHA1

    6cd199b2909eea9731de0dfcaa73a1370d7bfdd7

  • SHA256

    e4310114f26e15fa07e71124920ed389f53e21ee57aad649e912ea15ef4e5ebf

  • SHA512

    d452b51448d38337141a8f6b6d7f6d2941042493baa8e30e91f187f6d4b22e7cc6da14543e7fa141ae1a4dadb5bcbe0f70d0912eb0d63195d1c72cbb493b1e59

  • SSDEEP

    3072:tlf2sc96eDRPXOIGdZ5XNKgfTuoTnA8pUfJ9Ifs20mBtHux/:/WdvGdNVLuoTnRpOUkEBtHw

Targets

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Modifies file permissions

    • Adds Run key to start application
